Hello.
I have spent a lot of time searching for the problem with my VPN connection through the NetworkManager openconnect plugin.
I need to bring up a VPN via Cisco AnyConnect. Auth is by certificate plus username and password.
I have config:
i3wm + networkmanager 1.44.0-1 +networkmanager-openconnect 1.2.10-1 + gnome-keyring (if it needs)
When I click on the VPN connection I don't get a window to input PEM_pass_phrase, username and password. I get these errors:
journalctl -xe
sep 13 00:22:53 redmi NetworkManager[1262]: <info> [1694553773.1557] vpn[0x56265b4dcb70,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
sep 13 00:22:53 redmi NetworkManager[1262]: <info> [1694553773.1558] audit: op="connection-activate" uuid="7b628aa8-674f-43af-a700-96182110a927" name="testVPN" pid=1705 uid=1000 result="success"
sep 13 00:22:53 redmi NetworkManager[1262]: <warn> [1694553773.1736] vpn[0x56265b4dcb70,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
When I connect manually by command
nmcli connection up testVPN --ask
I got VPN connection.
My config is
sudo cat /etc/NetworkManager/system-connections/testVPN.nmconnection
[connection]
id=testVPN
uuid=7b628aa8-674f-43af-a700-96182110a927
type=vpn
autoconnect=false
[vpn]
authtype=cert
autoconnect-flags=0
cacert=/home/dm/certificates/root.pem
certsigs-flags=0
cookie-flags=2
disable_udp=no
enable_csd_trojan=no
gateway=vpn.doman.com
gateway-flags=2
gwcert-flags=2
lasthost-flags=0
pem_passphrase_fsid=no
prevent_invalid_cert=no
protocol=anyconnect
resolve-flags=2
stoken_source=disabled
usercert=/home/dm/certificates/client_ssl.pem
xmlconfig-flags=0
service-type=org.freedesktop.NetworkManager.openconnect
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
[proxy]
I tried writing the password and user in the vpn-secrets section, but it didn't help. Also I can't find any information about the parameters of this config, like password-flags, or how to save the username.
All my variants give the same error:
A password is required to connect to 'testVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Offline
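Added example (not part of the thread and not NetworkManager's own code): the `*-flags` keys in the `[vpn]` section posted above are NetworkManager secret flags (0 none, 1 agent-owned, 2 not-saved, 4 not-required). The sketch decodes them from a constructed copy of that profile and lists the secrets that only a running secret agent (nm-applet, or nmcli with `--ask`) can supply; treating every `<name>-flags` key as the flags of secret `<name>` is an assumption based on NetworkManager's convention for VPN plugin secrets.

```python
import configparser

# NMSettingSecretFlags bit values; 0 means NetworkManager stores the secret itself.
FLAGS = {1: "agent-owned", 2: "not-saved", 4: "not-required"}

# Constructed sample: the flag keys from the [vpn] section of the posted profile.
SAMPLE = """\
[connection]
id=testVPN
type=vpn

[vpn]
authtype=cert
autoconnect-flags=0
certsigs-flags=0
cookie-flags=2
gateway-flags=2
gwcert-flags=2
lasthost-flags=0
protocol=anyconnect
resolve-flags=2
xmlconfig-flags=0
"""

def decode(value):
    """Turn a numeric flags value into the list of flag names it contains."""
    n = int(value)
    return [name for bit, name in FLAGS.items() if n & bit] or ["none"]

def secret_flags(text):
    """Map each secret named by a '<name>-flags' key in [vpn] to its decoded flags."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("vpn"):
        return {}
    return {k[:-len("-flags")]: decode(v)
            for k, v in cp["vpn"].items() if k.endswith("-flags")}

def needs_agent(text):
    """Secrets that are never read from the profile on disk, so an agent must provide them."""
    return sorted(name for name, flags in secret_flags(text).items()
                  if "not-saved" in flags or "agent-owned" in flags)

if __name__ == "__main__":
    for name, flags in sorted(secret_flags(SAMPLE).items()):
        print(f"{name:12} {', '.join(flags)}")
    print("agent required for:", ", ".join(needs_agent(SAMPLE)))
```

The `gateway` secret reported here is the same `vpn.secrets.gateway` named in the nmcli warning: with flags value 2 it is requested on every activation, so the connection fails whenever no agent answers.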
https://wiki.archlinux.org/title/Networ … #nm-applet
Otherwise
loginctl session-status
echo $DBUS_SESSION_BUS_ADDRESS
and in doubt the last link below.
Online
loginctl session-status
2 - dm (1000)
Since: Wed 2023-09-13 08:17:49 MSK; 4min 23s ago
Leader: 1663 (sddm-helper)
Seat: seat0; vc2
TTY: tty2
Service: sddm; type x11; class user
State: active
Idle: no
Unit: session-2.scope
├─1663 /usr/lib/sddm/sddm-helper --socket /tmp/sddm-auth-2a2115bd-4f3f-4326-8e8f-2fbec75dcde6 --id 1 --start i3-with-shmlog --user dm
├─1684 i3-with-shmlog
├─1697 nm-applet
├─1711 xclip
├─1720 /usr/bin/python /usr/bin/autotiling
├─1724 polybar bottom
├─1912 compton -b
├─2685 /opt/yandex/browser/yandex_browser
├─2690 cat
├─2691 cat
├─2693 /opt/yandex/browser/chrome_crashpad_handler --monitor-self --monitor-self-annotation=ptype=crashpad-handler "--database=/home/dm/.config/yandex-browser/Crash Reports" --metrics-dir=/home>
├─3260 "/opt/yandex/browser/yandex_browser --type=renderer --user-id=92005d01-d35e-4c27-a700-3fa919e9912a --brand-id=yandex --crashpad-handler-pid=2693 --enable-crash-reporter=27903d28-8b55-4ee>
├─3441 alacritty
├─3829 /bin/zsh
├─4242 loginctl session-status
└─4243 less
sep 13 08:17:49 redmi systemd[1]: Started Session 2 of User dm.
echo $DBUS_SESSION_BUS_ADDRESS
unix:path=/run/user/1000/bus
As I understand it, gnome keyring is not running. I was searching for different ways to run it but can't make it work with i3wm + sddm. It should run.
Maybe this can be useful:
sudo systemctl status gnome-keyring-daemon
Unit gnome-keyring-daemon.service could not be found.
systemctl --user show-environment
HOME=/home/dm
LANG=ru_RU.UTF-8
LC_MESSAGES=en_US.UTF-8
LOGNAME=dm
MAIL=/var/spool/mail/dm
PATH=/usr/local/bin:/usr/bin:/var/lib/snapd/snap/bin
SHELL=/bin/zsh
USER=dm
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
DISPLAY=:0
XAUTHORITY=/tmp/xauth_vfZUYU
The login password is the same as the keyring password.
Last edited by zakrush (2023-09-13 05:53:03)
Offline
nm-applet should maybe still ask, gkr or not - afaiu it doesn't do that for you?
https://bbs.archlinux.org/viewtopic.php?id=278836
https://bbs.archlinux.org/viewtopic.php?id=285845 # suggests to explicitly disable GKR in the OpenVPN settings
https://bbs.archlinux.org/viewtopic.php?id=286378 # user actually cancelled, ultimate cause was a bad cipher algo.
Edit: your session is fine, it's not a dbus issue.
Last edited by seth (2023-09-13 09:57:57)
Online
nm-applet should maybe still ask, gkr or not - afaiu it doesn't do that for you?
https://bbs.archlinux.org/viewtopic.php?id=278836
https://bbs.archlinux.org/viewtopic.php?id=285845 # suggests to explicitly disable GKR in the OpenVPN settings
https://bbs.archlinux.org/viewtopic.php?id=286378 # user actually cancelled, ultimate cause was a bad cipher algo.
Edit: your session is fine, it's not a dbus issue.
Yes, it doesn't ask me.
I read and tried these topics. Nothing helped me.
First I installed webkit2gtk-4.1.2
pacman -Q | grep webkit2gtk
webkit2gtk-4.1 2.40.5-2
It didn't help me.
Then I downgraded networkmanager-openconnect to 1.2.8-2
pacman -Q | grep openconnect
networkmanager-openconnect 1.2.8-2
openconnect 1:8.10-1
It also didn't help.
I have the same error:
secrets: failed to request VPN secrets #3: User canceled the secrets request.
Offline
Can you try the behavior on openbox?
Just in case that nm-applet doesn't play ball w/ tiling WMs (and needs to be set to floating mode)?
Online
Can you try the behavior on openbox?
Just in case that nm-applet doesn't play ball w/ tiling WMs (and needs to be set to floating mode)?
Hmm... I think it will be a problem to try with openbox.
As for floating mode: I don't have a problem with being asked for and saving the WiFi password in a floating window.
Offline
Run
nmcli connection up testVPN
see whether you get asked for credentials and if not, post the system journal
Online
Run
nmcli connection up testVPN
see whether you get asked for credentials and if not, post the system journal
nmcli connection up testVPN
A password is required to connect to 'testVPN'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION=7b628aa8-674f-43af-a700-96182110a927 + NM_DEVICE=enp0s13f0u1u4u4' to get more details.
journalctl -xe NM_CONNECTION=7b628aa8-674f-43af-a700-96182110a927 + NM_DEVICE=enp0s13f0u1u4u4
сен 21 11:36:32 redmi NetworkManager[1267]: <info> [1695285392.9934] vpn[0x557c127d8f30,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:36:33 redmi NetworkManager[1267]: <warn> [1695285393.0244] vpn[0x557c127d8f30,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
сен 21 11:39:39 redmi NetworkManager[1267]: <info> [1695285579.7697] vpn[0x557c1286c300,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:39:39 redmi NetworkManager[1267]: <warn> [1695285579.8015] vpn[0x557c1286c300,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
journalctl -f
сен 21 11:45:29 redmi NetworkManager[1267]: <info> [1695285929.2456] agent-manager: agent[a29a193b028741c1,:1.349/nmcli-connect/1000]: agent registered
сен 21 11:45:29 redmi NetworkManager[1267]: <info> [1695285929.2476] vpn[0x557c12932270,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: starting openconnect
сен 21 11:45:29 redmi NetworkManager[1267]: <info> [1695285929.2478] audit: op="connection-activate" uuid="7b628aa8-674f-43af-a700-96182110a927" name="testVPN" pid=108245 uid=1000 result="success"
сен 21 11:45:29 redmi NetworkManager[1267]: <warn> [1695285929.2784] vpn[0x557c12932270,7b628aa8-674f-43af-a700-96182110a927,"testVPN"]: secrets: failed to request VPN secrets #3: User canceled the secrets request.
Offline
Ok, contrary to the wiki, try "nmcli --ask connection up testVPN"
Online
I am experiencing this same issue - XFCE here. After the networkmanager-openconnect upgrade to 1.2.10-1 at the end of May, trying to connect to an anyconnect VPN immediately fails - no username/password entry screen appears.
Via GUI:
The VPN connection ConnectionName failed because there were no valid VPN secrets.
Via CLI:
$ nmcli con up id ConnectionName
A password is required to connect to 'ConnectionName'.
Warning: password for 'vpn.secrets.gateway' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: No valid secrets
Hint: use 'journalctl -xe NM_CONNECTION= + NM_DEVICE=eno1' to get more details.
journalctl shows the same for me as the OP.
This has been reported as an issue, but no action on it so far:
https://gitlab.gnome.org/GNOME/NetworkM … issues/101
For me, "nmcli con up id VPNNAME --ask" works fine, prompting me for my user/pass. Also, downgrading to networkmanager-openconnect to 1.2.8-2 works for me as well - connecting via GUI again asks for user/pass. I've created new VPN connections, verified keyrings, etc., but nothing has worked for me. For now I have added networkmanager-openconnect to my IgnorePkg list in pacman.conf (the only entry in that list) to keep it at the working version, but that's not ideal obviously.
Offline
Ok, contrary to the wiki, try "nmcli --ask connection up testVPN"
At the start of the topic I wrote that nmcli -ask connection up testVPN works for me.
The journalctl logs in this case are:
sep 26 11:50:42 redmi wpa_supplicant[1290]: wlp44s0: Reject scan trigger since one is already pending
sep 26 11:50:54 redmi NetworkManager[1267]: <info> [1695718254.7823] agent-manager: agent[75cde0835c31e578,:1.535/nmcli-connect/1000]: agent registered
sep 26 11:50:54 redmi NetworkManager[1267]: <info> [1695718254.7839] vpn[0x557c1293f910,5703e559-e5af-451e-843b-4f03c7a1d03f,"TestVPN"]: starting openconnect
sep 26 11:50:54 redmi NetworkManager[1267]: <info> [1695718254.7840] audit: op="connection-activate" uuid="5703e559-e5af-451e-843b-4f03c7a1d03f" name="TestVPN" pid=215518 uid=1000 result="success"
sep 26 11:50:57 redmi kernel: CIFS: VFS: \\corp.example.com has not responded in 180 seconds. Reconnecting...
sep 26 11:50:58 redmi key.dns_resolver[215538]: t2ru-dcs-02.corp.example.com: No address associated with name
sep 26 11:51:04 redmi key.dns_resolver[215543]: T2RU-DCS-03.corp.example.com: No address associated with name
sep 26 11:51:10 redmi key.dns_resolver[215548]: T2RM-DCS-01.corp.example.com: No address associated with name
sep 26 11:51:18 redmi key.dns_resolver[215554]: T2RU-DCS-01.corp.example.com: No address associated with name
sep 26 11:51:19 redmi key.dns_resolver[215553]: t2rm-fpsclr-01: No address associated with name
sep 26 11:51:20 redmi openconnect[215558]: Connected to 194.176.96.4:443
sep 26 11:51:20 redmi openconnect[215558]: SSL negotiation with 194.176.96.4
sep 26 11:51:21 redmi openconnect[215558]: Server certificate verify failed: signer not found
sep 26 11:51:21 redmi openconnect[215558]: Connected to HTTPS on 194.176.96.4 with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
sep 26 11:51:21 redmi openconnect[215558]: Got CONNECT response: HTTP/1.1 200 OK
sep 26 11:51:21 redmi openconnect[215558]: CSTP connected. DPD 30, Keepalive 20
sep 26 11:51:21 redmi openconnect[215558]: Connected as 10.12.143.146, using SSL, with DTLS in progress
sep 26 11:51:21 redmi openconnect[215558]: Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1).
sep 26 11:51:21 redmi openconnect[215558]: SIOCSIFMTU: Operation not permitted
sep 26 11:51:21 redmi dbus-daemon[1227]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.5' (uid=0 pid=1267 comm="/usr/bin/NetworkManager --no-daemon")
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9431] device (vpn0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9439] device (vpn0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9442] device (vpn0): Activation: starting connection 'vpn0' (9b23da77-d2a0-4f31-b818-ecceb5c89f71)
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9450] device (vpn0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9451] device (vpn0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9452] device (vpn0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9453] device (vpn0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi systemd[1]: Starting Network Manager Script Dispatcher Service...
░░ Subject: A start job for unit NetworkManager-dispatcher.service has begun execution
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit NetworkManager-dispatcher.service has begun execution.
░░
░░ The job identifier is 14394.
sep 26 11:51:21 redmi dbus-daemon[1227]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
sep 26 11:51:21 redmi systemd[1]: Started Network Manager Script Dispatcher Service.
░░ Subject: A start job for unit NetworkManager-dispatcher.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░
░░ A start job for unit NetworkManager-dispatcher.service has finished successfully.
░░
░░ The job identifier is 14394.
sep 26 11:51:21 redmi systemd-resolved[1129]: vpn0: Bus client set search domain list to: office.bercut.ru, corp.skylink.ru, ts.example.com, nix.example.com, net.example.com, corp.example.com, example.com
sep 26 11:51:21 redmi systemd-resolved[1129]: vpn0: Bus client set DNS server list to: 10.77.252.105, 10.77.252.107
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9624] device (vpn0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9625] device (vpn0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
sep 26 11:51:21 redmi NetworkManager[1267]: <info> [1695718281.9628] device (vpn0): Activation: successful, device activated.
For me, "nmcli con up id VPNNAME --ask" works fine, prompting me for my user/pass. Also, downgrading to networkmanager-openconnect to 1.2.8-2 works for me as well - connecting via GUI again asks for user/pass. I've created new VPN connections, verified keyrings, etc., but nothing has worked for me. For now I have added networkmanager-openconnect to my IgnorePkg list in pacman.conf (the only entry in that list) to keep it at the working version, but that's not ideal obviously.
As above, I tried downgrading, but it didn't solve the problem.
My networkmanager-openconnect is 1.2.8-2 now
pacman -Q | grep openconnect
networkmanager-openconnect 1.2.8-2
Offline
Ok, so this is basically about NM likely having changed the backend to make "--ask" behave as would be expected but broke [random GUI frontend] on that track, file a bug against the applet to adapt the new API or NM to not willy-nilly break API.
https://gitlab.gnome.org/GNOME/network- … /-/issues/
Online